Many web sites contain design flaws, thus exposing them to hackers. Much of the data indexed by search sites can be misused, and site owners may not realise that sensitive or confidential information is so readily available as part of a search index.

As more businesses put up web sites, the danger of hacking is increasing. A look at how to secure web applications.

As companies rush to take advantage of the increasing amount of time users spend on the web to sell them everything from cars to carpeting, malicious hackers are likewise rushing to take advantage of the flawed web applications that deliver these online services. You don't need any specialised tools, and you don't need any specialised skills either, to hack into a web site. All you need is a web browser and the ability to enter the appropriate search syntax to Google your own site, or anybody else's for that matter. It doesn't take much time, and the payoffs could be huge: an intruder could easily obtain a copy of your most sensitive data in about the time it takes to read through this essay.

Web site hacks are on the rise and pose a greater threat than broad-based network attacks. Whereas attacks against networks disrupt internet service and negatively impact companies trying to do business over the web or private networks, attacks against web applications threaten to steal critical customer, employee, and business partner information stored in applications and databases linked to the web. Web hacking attacks numbered 58 in 2005, up from 16 in 2004 and 9 in 2003, according to the Web Application Security Consortium. Another 41 attacks have been reported this year against sites including open-source repository Sourceforge.net and social network MySpace.com, putting 2006 on pace to be the worst year yet.

Keyloggers are fast becoming among the most prevalent and insidious online threats: more than half of the viruses, worms and other malicious computer code that Symantec now tracks are designed not to harm host machines but to surreptitiously gather data from them. These keylogger-control web sites follow a trend toward automation in other realms of online fraud, such as virus-creation programmes, spamming software and pre-packaged toolkits to help fraudsters set up "phishing" sites -- web pages designed to trick people into giving away their personal and financial data at what looks like a legitimate e-commerce or banking site.

Why is this happening? There are several reasons. One is the prevalence of hacking tools online that can be found simply by using the Google search engine. The trick is using Google's search engine to look for specific terms, such as passwords, salary details, and customer details. The opportunities are enormous. Many web sites contain inherent design flaws that leave them ripe for exploitation. These flaws are not immediately obvious and the fixes are not simple.

Another reason is that web applications aren't typically designed with security in mind, which leaves them open to SQL injection and cross-site scripting attacks that manipulate input entered into an application field in order to get the application to cough up more information than the user has the right to see. This trend is particularly disturbing to financial services companies looking to make online banking and investing less expensive and more convenient. And don't count on banking customers to fend for themselves. A TD Canada Trust survey of more than 700 consumers found that less than 30 per cent of web banking users were aware of the terms "phishing" and "Web site spoofing." Most customers believe their bank should be primarily responsible for security measures with respect to online banking.

Whether through more secure application programming practices, authentication devices, or firewalls, or all three, Web applications are going to have to become more secure. Otherwise 2006 is likely to be just as bad a year for customer data as 2005 was.
INDIA TODAY PLUS © Living Media India Ltd